Working to help protect customers from vulnerabilities in Adobe software. Contact us at PSIRT(at)adobe(dot)com.

Archive for April, 2016

A Security Bulletin (APSB16-13) has been published regarding a security update for the Adobe Analytics AppMeasurement for Flash Library. This update resolves an important vulnerability in the AppMeasurement for Flash library that could be abused to conduct DOM-based cross-site scripting attacks when debugTracking is enabled.

Adobe recommends Analytics customers using the AppMeasurement for Flash library rebuild projects with the updated library available for download from the Analytics Console. Refer to the solution section of the Security Bulletin for more information.

This posting is provided “AS IS” with no warranties and confers no rights.

Security Bulletins for the Adobe Creative Cloud Desktop Application (APSB16-11) as well as RoboHelp Server (APSB16-12) have been published. Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant security bulletin.


A Security Bulletin (APSB16-10) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin.

Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier. Please refer to APSA16-01 for additional details.

UPDATE: Security Bulletin APSB16-10 was updated on April 12 to reflect the availability of updates for Adobe AIR.


A Security Advisory (APSA16-01) has been published regarding a critical vulnerability (CVE-2016-1019) in Adobe Flash Player. UPDATE: Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier. A mitigation introduced in Flash Player 21.0.0.182 currently prevents exploitation of this vulnerability, protecting users running Flash Player 21.0.0.182 and later.

Adobe is planning to provide a security update to address this vulnerability as early as April 7. For the latest information, users may continue to monitor the Adobe Product Security Incident Response Team blog.
